<!DOCTYPE html><html lang="zh-CN"><head><meta charset="UTF-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><meta name="format-detection" content="telephone=no"><meta name="apple-mobile-web-app-capable" content="yes"><meta name="apple-mobile-web-app-status-bar-style" content="black"><link rel="icon" href="/images/icons/favicon-16x16.png?v=2.6.2" type="image/png" sizes="16x16"><link rel="icon" href="/images/icons/favicon-32x32.png?v=2.6.2" type="image/png" sizes="32x32"><meta name="description" content="Fundamental Cloud Security基本云安全">
<meta property="og:type" content="article">
<meta property="og:title" content="云计算第六章">
<meta property="og:url" content="https://kohler19.gitee.io/2022/03/25/cloud-computing4/index.html">
<meta property="og:site_name" content="愷龍的网络日志">
<meta property="og:description" content="Fundamental Cloud Security基本云安全">
<meta property="og:locale" content="zh_CN">
<meta property="og:image" content="https://pic.imgdb.cn/item/623bbd1f27f86abb2a10d658.jpg">
<meta property="og:image" content="https://pic.imgdb.cn/item/623bbd7527f86abb2a126f27.jpg">
<meta property="og:image" content="https://pic.imgdb.cn/item/623bbda827f86abb2a134596.jpg">
<meta property="og:image" content="https://pic.imgdb.cn/item/623bbf2d27f86abb2a1aac45.jpg">
<meta property="og:image" content="https://pic.imgdb.cn/item/623bbfba27f86abb2a1d5d29.jpg">
<meta property="og:image" content="https://pic.imgdb.cn/item/623bc02127f86abb2a1f20e6.jpg">
<meta property="og:image" content="https://pic.imgdb.cn/item/623c710027f86abb2a157076.jpg">
<meta property="og:image" content="https://pic.imgdb.cn/item/623dafc727f86abb2a3a4e9e.jpg">
<meta property="og:image" content="https://pic.imgdb.cn/item/623db09427f86abb2a40494d.jpg">
<meta property="og:image" content="https://pic.imgdb.cn/item/623db2f027f86abb2a4fa025.jpg">
<meta property="og:image" content="https://pic.imgdb.cn/item/623db35127f86abb2a51ac6e.jpg">
<meta property="og:image" content="https://pic.imgdb.cn/item/623db3a227f86abb2a5421c6.jpg">
<meta property="og:image" content="https://pic.imgdb.cn/item/623db3ec27f86abb2a564b8e.jpg">
<meta property="og:image" content="https://pic.imgdb.cn/item/623db41b27f86abb2a57af4a.jpg">
<meta property="og:image" content="https://pic.imgdb.cn/item/623db6fd27f86abb2a69a4ab.jpg">
<meta property="og:image" content="https://s4.ax1x.com/2022/01/03/Tb8ZB4.png">
<meta property="article:published_time" content="2022-03-25T12:45:09.000Z">
<meta property="article:modified_time" content="2022-03-31T00:18:08.912Z">
<meta property="article:author" content="李恺龙">
<meta property="article:tag" content="云计算">
<meta property="article:tag" content="cloud-computing">
<meta name="twitter:card" content="summary">
<meta name="twitter:image" content="https://pic.imgdb.cn/item/623bbd1f27f86abb2a10d658.jpg"><title>云计算第六章 | 愷龍的网络日志</title><link ref="canonical" href="https://kohler19.gitee.io/2022/03/25/cloud-computing4/"><link rel="dns-prefetch" href="https://cdn.jsdelivr.net"><link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free@5.12.1/css/all.min.css" type="text/css"><link rel="stylesheet" href="/css/index.css?v=2.6.2"><script>var Stun = window.Stun || {};
var CONFIG = {
  root: '/',
  algolia: undefined,
  assistSearch: undefined,
  fontIcon: {"prompt":{"success":"fas fa-check-circle","info":"fas fa-arrow-circle-right","warning":"fas fa-exclamation-circle","error":"fas fa-times-circle"},"copyBtn":"fas fa-copy"},
  sidebar: {"offsetTop":"20px","tocMaxDepth":6},
  header: {"enable":true,"showOnPost":true,"scrollDownIcon":false},
  postWidget: {"endText":true},
  nightMode: {"enable":true},
  back2top: {"enable":true},
  codeblock: {"style":"default","highlight":"light","wordWrap":false},
  reward: false,
  fancybox: false,
  zoomImage: {"gapAside":"20px"},
  galleryWaterfall: undefined,
  lazyload: false,
  pjax: undefined,
  externalLink: {"icon":{"enable":true,"name":"fas fa-external-link-alt"}},
  shortcuts: undefined,
  prompt: {"copyButton":"复制","copySuccess":"复制成功","copyError":"复制失败"},
  sourcePath: {"js":"js","css":"css","images":"images"},
};

window.CONFIG = CONFIG;</script><meta name="generator" content="Hexo 5.4.0"></head><body><div class="container" id="container"><header class="header" id="header"><div class="header-inner"><nav class="header-nav header-nav--fixed"><div class="header-nav-inner"><div class="header-nav-menubtn"><i class="fas fa-bars"></i></div><div class="header-nav-menu"><div class="header-nav-menu-item"><a class="header-nav-menu-item__link" href="/"><span class="header-nav-menu-item__icon"><i class="fas fa-home"></i></span><span class="header-nav-menu-item__text">首页</span></a></div><div class="header-nav-menu-item"><a class="header-nav-menu-item__link" href="/archives/"><span class="header-nav-menu-item__icon"><i class="fas fa-folder-open"></i></span><span class="header-nav-menu-item__text">归档</span></a></div><div class="header-nav-menu-item"><a class="header-nav-menu-item__link" href="/分类/"><span class="header-nav-menu-item__icon"><i class="fas fa-layer-group"></i></span><span class="header-nav-menu-item__text">分类</span></a></div><div class="header-nav-menu-item"><a class="header-nav-menu-item__link" href="/标签/"><span class="header-nav-menu-item__icon"><i class="fas fa-tags"></i></span><span class="header-nav-menu-item__text">标签</span></a></div><div class="header-nav-menu-item"><a class="header-nav-menu-item__link" href="/categories/Book/"><span class="header-nav-menu-item__icon"><i class="fas fa-book"></i></span><span class="header-nav-menu-item__text">书籍</span></a></div></div><div class="header-nav-search"><span class="header-nav-search__icon"><i class="fas fa-search"></i></span><span class="header-nav-search__text">搜索</span></div><div class="header-nav-mode"><div class="mode"><div class="mode-track"><span class="mode-track-moon"></span><span class="mode-track-sun"></span></div><div class="mode-thumb"></div></div></div></div></nav><div class="header-banner"><div class="header-banner-info"><div class="header-banner-info__title">愷龍的网络日志</div><div class="header-banner-info__subtitle">每天多学一点，以后就少敲一点代码</div></div></div></div></header><main class="main" id="main"><div class="main-inner"><div class="content-wrap" id="content-wrap"><div class="content" id="content"><!-- Just used to judge whether it is an article page--><div id="is-post"></div><div class="post"><header class="post-header"><h1 class="post-title">云计算第六章</h1><div class="post-meta"><span class="post-meta-item post-meta-item--createtime"><span class="post-meta-item__icon"><i class="far fa-calendar-plus"></i></span><span class="post-meta-item__info">发表于</span><span class="post-meta-item__value">2022-03-25</span></span><span class="post-meta-item post-meta-item--updatetime"><span class="post-meta-item__icon"><i class="far fa-calendar-check"></i></span><span class="post-meta-item__info">更新于</span><span class="post-meta-item__value">2022-03-31</span></span></div></header><div class="post-body">
        <h1 id="Fundamental-Cloud-Security基本云安全"   >
          <a href="#Fundamental-Cloud-Security基本云安全" class="heading-link"><i class="fas fa-link"></i></a><a href="#Fundamental-Cloud-Security基本云安全" class="headerlink" title="Fundamental Cloud Security基本云安全"></a>Fundamental Cloud Security基本云安全</h1>
      <span id="more"></span>


        <h2 id="Basic-Terms-and-Concepts"   >
          <a href="#Basic-Terms-and-Concepts" class="heading-link"><i class="fas fa-link"></i></a><a href="#Basic-Terms-and-Concepts" class="headerlink" title="Basic Terms and Concepts"></a>Basic Terms and Concepts</h2>
      <p>&sect; Information security protects the integrity of and access to computer systems and data.<br>信息安全：保护计算机系统和数据的完整性和对它们的访问。<br>&sect; IT security measures aim to defend against threats and interference that arise from both malicious intent and unintentional user error.<br>IT安全措施：防御由于恶意的企图和无心的用户错误造成的威胁和干扰   </p>
<center>
<img src="https://pic.imgdb.cn/item/623bbd1f27f86abb2a10d658.jpg">
</center>


        <h3 id="Confidentiality-保密性"   >
          <a href="#Confidentiality-保密性" class="heading-link"><i class="fas fa-link"></i></a><a href="#Confidentiality-保密性" class="headerlink" title="Confidentiality 保密性"></a>Confidentiality 保密性</h3>
      <ul>
<li>Confidentiality is the characteristic of something being made accessible only to authorized parties<br>信息只被授权用户使用  </li>
<li>Within cloud environments, confidentiality primarily pertains to restricting access to data in transit and storage. </li>
</ul>
<center>
<img src="https://pic.imgdb.cn/item/623bbd7527f86abb2a126f27.jpg">
</center>


        <h3 id="Integrity-完整性"   >
          <a href="#Integrity-完整性" class="heading-link"><i class="fas fa-link"></i></a><a href="#Integrity-完整性" class="headerlink" title="Integrity 完整性"></a>Integrity 完整性</h3>
      <ul>
<li><p>Integrity is the characteristic of not having been altered by an unauthorized party.   </p>
<center>
<img src="https://pic.imgdb.cn/item/623bbda827f86abb2a134596.jpg">
</center></li>
<li><p>a cloud consumer can be guaranteed that the data it transmits to a cloud service matches the data received by that cloud service. </p>
</li>
</ul>

        <h3 id="Authenticity-真实性"   >
          <a href="#Authenticity-真实性" class="heading-link"><i class="fas fa-link"></i></a><a href="#Authenticity-真实性" class="headerlink" title="Authenticity 真实性"></a>Authenticity 真实性</h3>
      <ul>
<li>Authenticity is the characteristic of something having been provided by an authorized source.<br>信息是由经过授权的源提供的这一特性   </li>
<li>Authentication in non-repudiable(不可否认) interactions provides proof that these interactions are uniquely linked to an authorized source.    </li>
</ul>

        <h3 id="Availability-可用性"   >
          <a href="#Availability-可用性" class="heading-link"><i class="fas fa-link"></i></a><a href="#Availability-可用性" class="headerlink" title="Availability 可用性"></a>Availability 可用性</h3>
      <ul>
<li>Availability is the characteristic of being accessible and usable during a specified time period.<br>  在特定的时间段内可以访问和可以使用的特性   </li>
</ul>

        <h3 id="Threat-威胁"   >
          <a href="#Threat-威胁" class="heading-link"><i class="fas fa-link"></i></a><a href="#Threat-威胁" class="headerlink" title="Threat  威胁"></a>Threat  威胁</h3>
      <ul>
<li>A threat is a potential security violation that can challenge defenses in an attempt to breach privacy and/or cause harm.<br>一种潜在的安全性违反，企图侵犯隐私和/或造成伤害，以此可以挑战防御。</li>
</ul>
<blockquote>
<p>1.Both manually and automatically instigated（激起） threats are designed to exploit （利用 ）known weaknesses, also referred to as vulnerabilities(漏洞 ).<br>2.A threat that is carried out results in an attack. </p>
</blockquote>

        <h3 id="Vulnerability-漏洞"   >
          <a href="#Vulnerability-漏洞" class="heading-link"><i class="fas fa-link"></i></a><a href="#Vulnerability-漏洞" class="headerlink" title="Vulnerability 漏洞"></a>Vulnerability 漏洞</h3>
      <p> A vulnerability is a weakness that can be exploited either because it is protected by ①insufficient(不足的) security controls, or because ②existing security controls are overcome by an attack.<br>        漏洞是一种可能被利用的弱点   </p>
<blockquote>
<p>IT resource vulnerabilities can have a range of causes, including configuration deficiencies（缺陷）, security policy weaknesses, user errors, hardware or firmware（固件） flaws, software bugs, and poor security architecture. </p>
</blockquote>

        <h3 id="Risk-风险"   >
          <a href="#Risk-风险" class="heading-link"><i class="fas fa-link"></i></a><a href="#Risk-风险" class="headerlink" title="Risk 风险"></a>Risk 风险</h3>
      <p>Risk is the possibility of loss or harm arising from performing an activity.<br>    风险是指执行一个行为带来损失或危害的可能性。</p>
<blockquote>
<p>Risk is typically measured according to① its threat level and the② number of possible or known vulnerabilities. </p>
</blockquote>
<p>Two metrics(标准) :</p>
<blockquote>
<p>the probability of a threat occurring to exploit vulnerabilities in the IT resource            威胁的可能性<br>the expectation of loss upon the IT resource being compromised损失预期 </p>
</blockquote>

        <h3 id="Security-Controls-安全控制"   >
          <a href="#Security-Controls-安全控制" class="heading-link"><i class="fas fa-link"></i></a><a href="#Security-Controls-安全控制" class="headerlink" title="Security Controls 安全控制"></a>Security Controls 安全控制</h3>
      <p>Security controls are countermeasures（对策） used to prevent or respond to security threats and to reduce or avoid risk. </p>
<p>安全控制是用来预防或应对安全威胁，减少或避免风险的对策。 </p>
<blockquote>
<p>maximum protection of sensitive and critical IT resources.</p>
</blockquote>

        <h3 id="Security-Mechanisms-安全机制"   >
          <a href="#Security-Mechanisms-安全机制" class="heading-link"><i class="fas fa-link"></i></a><a href="#Security-Mechanisms-安全机制" class="headerlink" title="Security Mechanisms 安全机制"></a>Security Mechanisms 安全机制</h3>
      <p>Countermeasures are typically described in terms of security mechanisms, which are components comprising a defensive framework that protects IT resources, information, and services.    </p>
<p>对策通常以安全机制的形式来描述，安全机制是构成保护IT资源、信息和服务的防御框架的组件部分。  </p>

        <h3 id="Security-Policies安全策略"   >
          <a href="#Security-Policies安全策略" class="heading-link"><i class="fas fa-link"></i></a><a href="#Security-Policies安全策略" class="headerlink" title="Security Policies安全策略"></a>Security Policies安全策略</h3>
      <p>A security policy establishes a set of security rules and regulations.<br> 安全策略建立了一套安全规则和规章。   </p>
<blockquote>
<p>For example, the positioning（定位） and usage of security controls and mechanisms can be determined by security policies. </p>
</blockquote>

        <h2 id="Threat-Agents-威胁作俑者"   >
          <a href="#Threat-Agents-威胁作俑者" class="heading-link"><i class="fas fa-link"></i></a><a href="#Threat-Agents-威胁作俑者" class="headerlink" title="Threat Agents  威胁作俑者"></a>Threat Agents  威胁作俑者</h2>
      <p>A threat agent is an entity that ①poses a threat because it is capable of ②carrying out an attack.<br>    一个威胁作俑者是一个构成威胁的实体   </p>
<blockquote>
<p>Cloud security threats can originate either internally or externally①, from ②humans or software programs. </p>
</blockquote>
<center>
<img src="https://pic.imgdb.cn/item/623bbf2d27f86abb2a1aac45.jpg">
</center>

<p>↻Anonymous Attacker 匿名攻击者<br>↻Malicious Service Agent恶意服务作俑者<br>↻Trusted Attacker   授信的攻击者<br>↻Malicious Insider 恶意的内部人员</p>

        <h3 id="Anonymous-Attacker-匿名攻击者"   >
          <a href="#Anonymous-Attacker-匿名攻击者" class="heading-link"><i class="fas fa-link"></i></a><a href="#Anonymous-Attacker-匿名攻击者" class="headerlink" title="Anonymous Attacker 匿名攻击者"></a>Anonymous Attacker 匿名攻击者</h3>
      <p>An anonymous attacker is a non-trusted cloud service consumer without permissions in the cloud .<br>       云中没有权限、不被信任的云服务用户<br> <center><br><img src="https://pic.imgdb.cn/item/623bbfba27f86abb2a1d5d29.jpg"></p>
</center>
匿名攻击者是不被信任的威胁作俑者，通常试图从云边界的外部进行攻击。

<blockquote>
<p>It typically exists as<br> ①an external software program that launches network-level attacks through public networks.（方式）<br>anonymous attackers often resort to（采取）<br>②committing acts like bypassing user accounts or stealing user credentials, while using methods that either<br> ③ensure anonymity or require substantial resources for prosecution（检举）（匿名的含义）  </p>
</blockquote>

        <h3 id="Malicious-Service-Agent恶意服务作俑者"   >
          <a href="#Malicious-Service-Agent恶意服务作俑者" class="heading-link"><i class="fas fa-link"></i></a><a href="#Malicious-Service-Agent恶意服务作俑者" class="headerlink" title="Malicious Service Agent恶意服务作俑者"></a>Malicious Service Agent恶意服务作俑者</h3>
      <p>A malicious service agent is able to intercept and forward the network traffic that flows within a cloud . 能够拦截和转发云中的网络流量<br> <center><br><img src="https://pic.imgdb.cn/item/623bc02127f86abb2a1f20e6.jpg"></p>
</center>
恶意服务作俑者截取网络通信，试图恶意地使用或篡改数据   

<blockquote>
<p>It typically exists as①a service agent (or a program pretending to be a service agent) with compromised（损坏） or malicious logic.<br>It may also exist as ②an external program able to remotely intercept and potentially corrupt（破坏）message contents. </p>
</blockquote>

        <h3 id="Trusted-Attacker-授信的攻击者"   >
          <a href="#Trusted-Attacker-授信的攻击者" class="heading-link"><i class="fas fa-link"></i></a><a href="#Trusted-Attacker-授信的攻击者" class="headerlink" title="Trusted Attacker   授信的攻击者"></a>Trusted Attacker   授信的攻击者</h3>
      <p>A trusted attacker shares IT resources in the same cloud environment as ①the cloud consumer and attempts to exploit legitimate credentials to ②target cloud providers and the cloud tenants with whom they share IT resources    </p>
<center>
<img src="https://pic.imgdb.cn/item/623c710027f86abb2a157076.jpg">
</center>
①与同一云环境中的云用户共享IT资源    
  ②试图利用合法的证书来把云提供者以及与他们共享IT
    资源的云租户 作为攻击目标      

<blockquote>
<p>trusted attackers usually launch their attacks from ①within a cloud’s trust boundaries by abusing legitimate credentials or via the appropriation（挪用） of sensitive and confidential information<br>Trusted attackers (also known as② malicious tenants)恶意租户    </p>
</blockquote>

        <h3 id="Malicious-Insider-恶意的内部人员"   >
          <a href="#Malicious-Insider-恶意的内部人员" class="heading-link"><i class="fas fa-link"></i></a><a href="#Malicious-Insider-恶意的内部人员" class="headerlink" title="Malicious Insider 恶意的内部人员"></a>Malicious Insider 恶意的内部人员</h3>
      <p>Malicious insiders are ①human threat agents acting on behalf of or in relation to ②the cloud provider.<br> 恶意的内部人员是人为的威胁和云提供者有关的代理者<br>是试图滥用对云资源范围的访问特权的人</p>
<blockquote>
<p>They are typically current or former employees or third parties with access to the cloud provider’s premises.<br>     现任或前任雇员或者能够访问云提供者资源第三方<br>This type of threat agent carries tremendous damage potential   会带来巨大的破坏可能性</p>
</blockquote>
<p><em>Note 注释:</em><br>A notation(符号) used to represent a general form of human-driven attack is the workstation combined with a lightning(闪电) bolt   </p>
<center>
<img src="https://pic.imgdb.cn/item/623dafc727f86abb2a3a4e9e.jpg">
</center>
<center>
<em><font color="blue">表示通过工作站发起攻击的记号</font>
</em>
</center>


        <h2 id="Cloud-Security-Threats云安全威胁"   >
          <a href="#Cloud-Security-Threats云安全威胁" class="heading-link"><i class="fas fa-link"></i></a><a href="#Cloud-Security-Threats云安全威胁" class="headerlink" title="Cloud Security Threats云安全威胁"></a>Cloud Security Threats云安全威胁</h2>
      <p>↻Traffic Eavesdropping 流量窃听<br>↻Malicious Intermediary恶意媒介<br>↻Denial of Service 拒绝服务<br>↻Insufficient Authorization  授权不足<br>↻Virtualization Attack 虚拟化攻击<br>↻Overlapping Trust Boundaries      信任边界重叠   </p>

        <h3 id="Traffic-Eavesdropping-流量窃听"   >
          <a href="#Traffic-Eavesdropping-流量窃听" class="heading-link"><i class="fas fa-link"></i></a><a href="#Traffic-Eavesdropping-流量窃听" class="headerlink" title="Traffic Eavesdropping 流量窃听"></a>Traffic Eavesdropping 流量窃听</h3>
      <p>Traffic eavesdropping occurs when data being transferred to or within a cloud (①usually from the cloud consumer to the cloud provider) is passively intercepted by a ②malicious service agent for illegitimate information gathering purposes .<br><em><font color="blue">数据在传输过程被动地被恶意的服务作用者截获，非法的收集信息<br></font><br></em></p>
<blockquote>
<p>The aim of this attack is to directly compromise（破坏） the confidentiality .<br>it can more easily go undetected for extended periods of time.    </p>
</blockquote>
<center>
<img src="https://pic.imgdb.cn/item/623db09427f86abb2a40494d.jpg">
</center>


        <h3 id="Malicious-Intermediary恶意媒介"   >
          <a href="#Malicious-Intermediary恶意媒介" class="heading-link"><i class="fas fa-link"></i></a><a href="#Malicious-Intermediary恶意媒介" class="headerlink" title="Malicious Intermediary恶意媒介"></a>Malicious Intermediary恶意媒介</h3>
      <p>The malicious intermediary threat arises when messages are intercepted and altered by a malicious service agent.<br><em><font color="blue">此威胁是指消息被恶意服务作用者截获并被篡改</font><br></em></p>
<blockquote>
<p>compromising（破坏）the message’s confidentiality and/or integrity.<br>also insert harmful data into the message before forwarding it to its destination. </p>
</blockquote>
<center>
<img src="https://pic.imgdb.cn/item/623db2f027f86abb2a4fa025.jpg">
</center>


        <h3 id="Denial-of-Service-拒绝服务"   >
          <a href="#Denial-of-Service-拒绝服务" class="heading-link"><i class="fas fa-link"></i></a><a href="#Denial-of-Service-拒绝服务" class="headerlink" title="Denial of Service 拒绝服务"></a>Denial of Service 拒绝服务</h3>
      <p>The ①objective of the denial of service (DoS) attack is to ②overload IT resources to the point where they cannot function properly.<br><em><font color="blue">IT资源陷于瘫痪或不可用 =&gt;无法提供正常的服务</font><br></em></p>
<center>
<img src="https://pic.imgdb.cn/item/623db35127f86abb2a51ac6e.jpg">
</center>


        <h3 id="Insufficient-Authorization-授权不足"   >
          <a href="#Insufficient-Authorization-授权不足" class="heading-link"><i class="fas fa-link"></i></a><a href="#Insufficient-Authorization-授权不足" class="headerlink" title="Insufficient Authorization  授权不足"></a>Insufficient Authorization  授权不足</h3>
      <p>The insufficient authorization attack occurs when access is granted to an attacker erroneously（错误地）or too broadly.<br><em><font color="blue">错误地授予了攻击者的访问权限或者授权太宽泛</font><br></em></p>
<blockquote>
<p>Resulting in the attacker getting access to IT resources that are normally protected. </p>
</blockquote>
<center>
<img src="https://pic.imgdb.cn/item/623db3a227f86abb2a5421c6.jpg">
</center>

<p>A variation of this attack, known as weak authentication(弱认证), can result when weak password or shared accounts are used to protect IT resources.<br><em><font color="blue">一种变种称为弱认证<br></font><br></em></p>
<center>
<img src="https://pic.imgdb.cn/item/623db3ec27f86abb2a564b8e.jpg">
</center>


        <h3 id="Virtualization-Attack-虚拟化攻击"   >
          <a href="#Virtualization-Attack-虚拟化攻击" class="heading-link"><i class="fas fa-link"></i></a><a href="#Virtualization-Attack-虚拟化攻击" class="headerlink" title="Virtualization Attack 虚拟化攻击"></a>Virtualization Attack 虚拟化攻击</h3>
      <p>A virtualization attack exploits ①vulnerabilities（漏洞）in the virtualization platform to jeopardize(危害) its confidentiality(保密性), integrity (完整性), and/or availability (可用性).    </p>
<center>
<img src="https://pic.imgdb.cn/item/623db41b27f86abb2a57af4a.jpg">
</center>
<center>
<font face="楷体">An authorized cloud service consumer carries out a virtualization attack by   
①abusing its administrative access to a virtual server to② exploit the underlying hardware</font>
</center>


        <h3 id="Overlapping-Trust-Boundaries-信任边界重叠"   >
          <a href="#Overlapping-Trust-Boundaries-信任边界重叠" class="heading-link"><i class="fas fa-link"></i></a><a href="#Overlapping-Trust-Boundaries-信任边界重叠" class="headerlink" title="Overlapping Trust Boundaries      信任边界重叠"></a>Overlapping Trust Boundaries      信任边界重叠</h3>
      <p>If physical IT resources within a cloud are shared by different cloud service consumers, these cloud service consumers have overlapping trust boundaries.</p>
<blockquote>
<p>Malicious cloud service consumers can target shared IT resources with the intention of compromising cloud consumers or other IT resources that share the same trust boundary. </p>
</blockquote>
<p>–恶意的云服务用户可以把目标设定为共享的IT资源，意图损害其他共享同样信任边界的云服务用户或IT资源<br> –重叠的信任边界潜藏了一个威胁，攻击者可以利用多个云用户共享的基于云的IT资源。</p>
<center>
<img src="https://pic.imgdb.cn/item/623db6fd27f86abb2a69a4ab.jpg">
</center>


        <h2 id="Summary"   >
          <a href="#Summary" class="heading-link"><i class="fas fa-link"></i></a><a href="#Summary" class="headerlink" title="Summary"></a>Summary</h2>
      <p><font color="red">Basic Terms and Concepts  </font></p>
<ul>
<li>Confidentiality 保密性</li>
<li>Integrity 完整性</li>
<li>Authenticity 真实性</li>
<li>Availability 可用性</li>
<li>Threat  威胁</li>
<li>Vulnerability 漏洞</li>
<li>Risk 风险</li>
<li>Security Controls 安全控制</li>
<li>Security Mechanisms 安全机制</li>
<li>Security Policies安全策略</li>
</ul>
<p><font color="red">Threat Agents  威胁作俑者<br> </font></p>
<ul>
<li> Anonymous Attacker 匿名攻击者</li>
<li>Malicious Service Agent恶意服务作用者</li>
<li>Trusted Attacker   授信的攻击者</li>
<li>Malicious Insider 恶意的内部人员</li>
</ul>
<p><font color="red">Cloud Security Threats云安全威胁<br> </font></p>
<ul>
<li>Traffic Eavesdropping 流量窃听→保密性</li>
<li>Malicious Intermediary恶意媒介→保密性,完整性</li>
<li>Denial of Service 拒绝服务→可用性</li>
<li>Insufficient Authorization  授权不足→保密性,完整性</li>
<li>Virtualization Attack 虚拟化攻击→保密性,完整性,可用性</li>
<li>Overlapping Trust Boundaries     信任边界重叠→保密性,完整性,可用性</li>
</ul>
<center>如果您有什么问题或建议可以在下方的评论区评论，我会及时回复的。<center>
<center><font color="red">欢迎关注我的公众号，共同学习，共同提升！</font></center>
<center><font color="red">您可以通过公众号向我留言，也可以通过邮箱（lklong@88.com）联系我</font></center>
<center>
    <img src="https://s4.ax1x.com/2022/01/03/Tb8ZB4.png">
</center>

</div><footer class="post-footer"><div class="post-ending ending"><div class="ending__text">------ 本文结束，感谢您的阅读 ------</div></div><div class="post-copyright copyright"><div class="copyright-author"><span class="copyright-author__name">本文作者: </span><span class="copyright-author__value"><a href="https://kohler19.gitee.io">李恺龙</a></span></div><div class="copyright-link"><span class="copyright-link__name">本文链接: </span><span class="copyright-link__value"><a href="https://kohler19.gitee.io/2022/03/25/cloud-computing4/">https://kohler19.gitee.io/2022/03/25/cloud-computing4/</a></span></div><div class="copyright-notice"><span class="copyright-notice__name">版权声明: </span><span class="copyright-notice__value">本博客所有文章除特别声明外，均采用 <a href="https://creativecommons.org/licenses/by-nc-sa/4.0/deed.en" rel="external nofollow" target="_blank">BY-NC-SA</a> 许可协议。转载请注明出处！</span></div></div><div class="post-tags"><span class="post-tags-item"><span class="post-tags-item__icon"><i class="fas fa-tag"></i></span><a class="post-tags-item__link" href="https://kohler19.gitee.io/tags/%E4%BA%91%E8%AE%A1%E7%AE%97/">云计算</a></span><span class="post-tags-item"><span class="post-tags-item__icon"><i class="fas fa-tag"></i></span><a class="post-tags-item__link" href="https://kohler19.gitee.io/tags/cloud-computing/">cloud-computing</a></span></div><nav class="post-paginator paginator"><div class="paginator-prev"><a class="paginator-prev__link" href="/2022/03/31/cloud-computing5/"><span class="paginator-prev__icon"><i class="fas fa-angle-left"></i></span><span class="paginator-prev__text">云计算第七章</span></a></div><div class="paginator-next"><a class="paginator-next__link" href="/2022/03/21/cloud-computing3/"><span class="paginator-prev__text">云计算第五章</span><span class="paginator-next__icon"><i class="fas fa-angle-right"></i></span></a></div></nav></footer></div></div><div class="comments" id="comments"><div id="valine-container"></div></div></div><div class="sidebar-wrap" id="sidebar-wrap"><aside class="sidebar" id="sidebar"><div class="sidebar-nav"><span class="sidebar-nav-toc current">文章目录</span><span class="sidebar-nav-ov">站点概览</span></div><section class="sidebar-toc"><ol class="toc"><li class="toc-item toc-level-1"><a class="toc-link" href="#Fundamental-Cloud-Security%E5%9F%BA%E6%9C%AC%E4%BA%91%E5%AE%89%E5%85%A8"><span class="toc-number">1.</span> <span class="toc-text">
          Fundamental Cloud Security基本云安全</span></a><ol class="toc-child"><li class="toc-item toc-level-2"><a class="toc-link" href="#Basic-Terms-and-Concepts"><span class="toc-number">1.1.</span> <span class="toc-text">
          Basic Terms and Concepts</span></a><ol class="toc-child"><li class="toc-item toc-level-3"><a class="toc-link" href="#Confidentiality-%E4%BF%9D%E5%AF%86%E6%80%A7"><span class="toc-number">1.1.1.</span> <span class="toc-text">
          Confidentiality 保密性</span></a></li><li class="toc-item toc-level-3"><a class="toc-link" href="#Integrity-%E5%AE%8C%E6%95%B4%E6%80%A7"><span class="toc-number">1.1.2.</span> <span class="toc-text">
          Integrity 完整性</span></a></li><li class="toc-item toc-level-3"><a class="toc-link" href="#Authenticity-%E7%9C%9F%E5%AE%9E%E6%80%A7"><span class="toc-number">1.1.3.</span> <span class="toc-text">
          Authenticity 真实性</span></a></li><li class="toc-item toc-level-3"><a class="toc-link" href="#Availability-%E5%8F%AF%E7%94%A8%E6%80%A7"><span class="toc-number">1.1.4.</span> <span class="toc-text">
          Availability 可用性</span></a></li><li class="toc-item toc-level-3"><a class="toc-link" href="#Threat-%E5%A8%81%E8%83%81"><span class="toc-number">1.1.5.</span> <span class="toc-text">
          Threat  威胁</span></a></li><li class="toc-item toc-level-3"><a class="toc-link" href="#Vulnerability-%E6%BC%8F%E6%B4%9E"><span class="toc-number">1.1.6.</span> <span class="toc-text">
          Vulnerability 漏洞</span></a></li><li class="toc-item toc-level-3"><a class="toc-link" href="#Risk-%E9%A3%8E%E9%99%A9"><span class="toc-number">1.1.7.</span> <span class="toc-text">
          Risk 风险</span></a></li><li class="toc-item toc-level-3"><a class="toc-link" href="#Security-Controls-%E5%AE%89%E5%85%A8%E6%8E%A7%E5%88%B6"><span class="toc-number">1.1.8.</span> <span class="toc-text">
          Security Controls 安全控制</span></a></li><li class="toc-item toc-level-3"><a class="toc-link" href="#Security-Mechanisms-%E5%AE%89%E5%85%A8%E6%9C%BA%E5%88%B6"><span class="toc-number">1.1.9.</span> <span class="toc-text">
          Security Mechanisms 安全机制</span></a></li><li class="toc-item toc-level-3"><a class="toc-link" href="#Security-Policies%E5%AE%89%E5%85%A8%E7%AD%96%E7%95%A5"><span class="toc-number">1.1.10.</span> <span class="toc-text">
          Security Policies安全策略</span></a></li></ol></li><li class="toc-item toc-level-2"><a class="toc-link" href="#Threat-Agents-%E5%A8%81%E8%83%81%E4%BD%9C%E4%BF%91%E8%80%85"><span class="toc-number">1.2.</span> <span class="toc-text">
          Threat Agents  威胁作俑者</span></a><ol class="toc-child"><li class="toc-item toc-level-3"><a class="toc-link" href="#Anonymous-Attacker-%E5%8C%BF%E5%90%8D%E6%94%BB%E5%87%BB%E8%80%85"><span class="toc-number">1.2.1.</span> <span class="toc-text">
          Anonymous Attacker 匿名攻击者</span></a></li><li class="toc-item toc-level-3"><a class="toc-link" href="#Malicious-Service-Agent%E6%81%B6%E6%84%8F%E6%9C%8D%E5%8A%A1%E4%BD%9C%E4%BF%91%E8%80%85"><span class="toc-number">1.2.2.</span> <span class="toc-text">
          Malicious Service Agent恶意服务作俑者</span></a></li><li class="toc-item toc-level-3"><a class="toc-link" href="#Trusted-Attacker-%E6%8E%88%E4%BF%A1%E7%9A%84%E6%94%BB%E5%87%BB%E8%80%85"><span class="toc-number">1.2.3.</span> <span class="toc-text">
          Trusted Attacker   授信的攻击者</span></a></li><li class="toc-item toc-level-3"><a class="toc-link" href="#Malicious-Insider-%E6%81%B6%E6%84%8F%E7%9A%84%E5%86%85%E9%83%A8%E4%BA%BA%E5%91%98"><span class="toc-number">1.2.4.</span> <span class="toc-text">
          Malicious Insider 恶意的内部人员</span></a></li></ol></li><li class="toc-item toc-level-2"><a class="toc-link" href="#Cloud-Security-Threats%E4%BA%91%E5%AE%89%E5%85%A8%E5%A8%81%E8%83%81"><span class="toc-number">1.3.</span> <span class="toc-text">
          Cloud Security Threats云安全威胁</span></a><ol class="toc-child"><li class="toc-item toc-level-3"><a class="toc-link" href="#Traffic-Eavesdropping-%E6%B5%81%E9%87%8F%E7%AA%83%E5%90%AC"><span class="toc-number">1.3.1.</span> <span class="toc-text">
          Traffic Eavesdropping 流量窃听</span></a></li><li class="toc-item toc-level-3"><a class="toc-link" href="#Malicious-Intermediary%E6%81%B6%E6%84%8F%E5%AA%92%E4%BB%8B"><span class="toc-number">1.3.2.</span> <span class="toc-text">
          Malicious Intermediary恶意媒介</span></a></li><li class="toc-item toc-level-3"><a class="toc-link" href="#Denial-of-Service-%E6%8B%92%E7%BB%9D%E6%9C%8D%E5%8A%A1"><span class="toc-number">1.3.3.</span> <span class="toc-text">
          Denial of Service 拒绝服务</span></a></li><li class="toc-item toc-level-3"><a class="toc-link" href="#Insufficient-Authorization-%E6%8E%88%E6%9D%83%E4%B8%8D%E8%B6%B3"><span class="toc-number">1.3.4.</span> <span class="toc-text">
          Insufficient Authorization  授权不足</span></a></li><li class="toc-item toc-level-3"><a class="toc-link" href="#Virtualization-Attack-%E8%99%9A%E6%8B%9F%E5%8C%96%E6%94%BB%E5%87%BB"><span class="toc-number">1.3.5.</span> <span class="toc-text">
          Virtualization Attack 虚拟化攻击</span></a></li><li class="toc-item toc-level-3"><a class="toc-link" href="#Overlapping-Trust-Boundaries-%E4%BF%A1%E4%BB%BB%E8%BE%B9%E7%95%8C%E9%87%8D%E5%8F%A0"><span class="toc-number">1.3.6.</span> <span class="toc-text">
          Overlapping Trust Boundaries      信任边界重叠</span></a></li></ol></li><li class="toc-item toc-level-2"><a class="toc-link" href="#Summary"><span class="toc-number">1.4.</span> <span class="toc-text">
          Summary</span></a></li></ol></li></ol></section><!-- ov = overview--><section class="sidebar-ov hide"><div class="sidebar-ov-author"><div class="sidebar-ov-author__avatar"><img class="sidebar-ov-author__avatar_img" src="https://s4.ax1x.com/2022/01/03/Tb2VW6.png" alt="avatar"></div><p class="sidebar-ov-author__text">格物致知，知行合一</p></div><div class="sidebar-ov-social"><a class="sidebar-ov-social-item" href="https://s4.ax1x.com/2022/01/03/Tb8ZB4.png" target="_blank" rel="noopener" data-popover="微信" data-popover-pos="up"><span class="sidebar-ov-social-item__icon"><i class="fab fa-weixin"></i></span></a><a class="sidebar-ov-social-item" href="mailto:lklong@88.com" target="_blank" rel="noopener" data-popover="social.Email" data-popover-pos="up"><span class="sidebar-ov-social-item__icon">lklong@88.com</span></a></div><div class="sidebar-ov-cc"><a href="https://creativecommons.org/licenses/by-nc-sa/4.0/deed.en" target="_blank" rel="noopener" data-popover="知识共享许可协议" data-popover-pos="up"><img src="/images/cc-by-nc-sa.svg"></a></div></section><div class="sidebar-reading"><div class="sidebar-reading-info"><span class="sidebar-reading-info__text">你已阅读了 </span><span class="sidebar-reading-info__num">0</span><span class="sidebar-reading-info__perc">%</span></div><div class="sidebar-reading-line"></div></div></aside></div><div class="clearfix"></div></div></main><footer class="footer" id="footer"><div class="footer-inner"><div><span>Copyright © 2023</span><span class="footer__icon"><i class="fas fa-heart"></i></span><span>愷龍 All Rights Reserved</span></div><div><span>由 <a href="http://hexo.io/" title="Hexo" target="_blank" rel="noopener">Hexo</a> 强力驱动</span><span> v5.4.0</span><span class="footer__devider">|</span><span>主题 - <a href="https://github.com/liuyib/hexo-theme-stun/" title="Stun" target="_blank" rel="noopener">Stun</a></span><span> v2.6.2</span></div></div></footer><div class="loading-bar" id="loading-bar"><div class="loading-bar__progress"></div></div><div class="back2top" id="back2top"><span class="back2top__icon"><i class="fas fa-rocket"></i></span></div></div><div class="search-mask"></div><div class="search-popup"><span class="search-close"></span><div class="search-input"><input placeholder="搜索文章（支持多关键词，请用空格分隔）"></div><div class="search-results"></div></div><script src="https://cdn.jsdelivr.net/npm/jquery@v3.4.1/dist/jquery.min.js"></script><script src="https://cdn.jsdelivr.net/npm/velocity-animate@1.5.2/velocity.min.js"></script><script src="https://cdn.jsdelivr.net/npm/velocity-animate@1.5.2/velocity.ui.min.js"></script><script>function initSearch() {
  var isXML = true;
  var search_path = 'search.xml';

  if (!search_path) {
    search_path = 'search.xml';
  } else if (/json$/i.test(search_path)) {
    isXML = false;
  }

  var path = '/' + search_path;
  $.ajax({
    url: path,
    dataType: isXML ? 'xml' : 'json',
    async: true,
    success: function (res) {
      var datas = isXML ? $('entry', res).map(function () {
        // 将 XML 转为 JSON
        return {
          title: $('title', this).text(),
          content: $('content', this).text(),
          url: $('url', this).text()
        };
      }).get() : res;
      var $input = $('.search-input input');
      var $result = $('.search-results');
      // 搜索对象（标题、内容）的权重，影响显示顺序
      var WEIGHT = { title: 100, content: 1 };
      var searchPost = function () {
        var searchText = $input.val().toLowerCase().trim();
        // 根据空白字符分隔关键字
        var keywords = searchText.split(/[\s]+/);
        // 搜索结果
        var matchPosts = [];

        // 有多个关键字时，将原文字整个保存下来
        if (keywords.length > 1) {
          keywords.push(searchText);
        }
        // 防止未输入字符时搜索
        if (searchText.length > 0) {
          datas.forEach(function (data) {
            var isMatch  = false;
            // 没有标题的文章使用预设的 i18n 变量代替
            var title = (data.title && data.title.trim()) || '[ 文章无标题 ]';
            var titleLower = title && title.toLowerCase();
            // 删除 HTML 标签 和 所有空白字符
            var content = data.content && data.content.replace(/<[^>]+>/g, '');
            var contentLower = content && content.toLowerCase();
            // 删除重复的 /
            var postURL = data.url && decodeURI(data.url).replace(/\/{2,}/g, '/');
            // 标题中匹配到的关键词
            var titleHitSlice = [];
            // 内容中匹配到的关键词
            var contentHitSlice = [];

            keywords.forEach(function (keyword) {
              /**
              * 获取匹配的关键词的索引
              * @param {String} keyword 要匹配的关键字
              * @param {String} text 原文字
              * @param {Boolean} caseSensitive 是否区分大小写
              * @param {Number} weight 匹配对象的权重。权重大的优先显示
              * @return {Array}
              */
              function getIndexByword (word, text, caseSensitive, weight) {
                if (!word || !text) {
                  return [];
                };

                var startIndex = 0; // 每次匹配的开始索引
                var index = -1;     // 匹配到的索引值
                var result = [];    // 匹配结果

                if (!caseSensitive) {
                  word = word.toLowerCase();
                  text = text.toLowerCase();
                }

                while((index = text.indexOf(word, startIndex)) !== -1) {
                  var hasMatch = false;
                  // 索引位置相同的关键词，保留长度较长的
                  titleHitSlice.forEach(function (hit) {
                    if (hit.index === index && hit.word.length < word.length) {
                      hit.word = word;
                      hasMatch = true;
                    }
                  });
                  startIndex = index + word.length;
                  !hasMatch && result.push({ index: index, word: word, weight: weight });
                }
                return result;
              }
              titleHitSlice = titleHitSlice.concat(getIndexByword(keyword, titleLower, false, WEIGHT.title));
              contentHitSlice = contentHitSlice.concat(getIndexByword(keyword, contentLower, false, WEIGHT.content));
            });

            var hitTitle = titleHitSlice.length;
            var hitContent = contentHitSlice.length;

            if (hitTitle > 0 || hitContent > 0) {
              isMatch = true;
            }
            if (isMatch) {
              ;[titleHitSlice, contentHitSlice].forEach(function (hit) {
                // 按照匹配文字的索引的递增顺序排序
                hit.sort(function (left, right) {
                  return left.index - right.index;
                });
              });
              /**
              * 给文本中匹配到的关键词添加标记，从而进行高亮显示
              * @param {String} text 原文本
              * @param {Array} hitSlice 匹配项的索引信息
              * @param {Number} start 开始索引
              * @param {Number} end 结束索引
              * @return {String}
              */
              function highlightKeyword (text, hitSlice, start, end) {
                if (!text || !hitSlice || !hitSlice.length) {
                  return;
                }

                var result = '';
                var startIndex = start;
                var endIndex = end;
                hitSlice.forEach(function (hit) {
                  if (hit.index < startIndex) {
                    return;
                  }

                  var hitWordEnd = hit.index + hit.word.length;
                  result += text.slice(startIndex, hit.index);
                  result += '<b>' + text.slice(hit.index, hitWordEnd) + '</b>';
                  startIndex = hitWordEnd;
                });
                result += text.slice(startIndex, endIndex);
                return result;
              }

              var postData = {};
              // 文章总的搜索权重
              var postWeight = titleHitSlice.length * WEIGHT.title + contentHitSlice.length * WEIGHT.content;
              // 标记匹配关键词后的标题
              var postTitle = highlightKeyword(title, titleHitSlice, 0, title.length) || title;
              // 标记匹配关键词后的内容
              var postContent;
              // 显示内容的长度
              var SHOW_WORD_LENGTH = 200;
              // 命中关键词前的字符显示长度
              var SHOW_WORD_FRONT_LENGTH = 20;
              var SHOW_WORD_END_LENGTH = SHOW_WORD_LENGTH - SHOW_WORD_FRONT_LENGTH;

              // 截取匹配的第一个字符，前后共 200 个字符来显示
              if (contentHitSlice.length > 0) {
                var firstIndex = contentHitSlice[0].index;
                var start = firstIndex > SHOW_WORD_FRONT_LENGTH ? firstIndex - SHOW_WORD_FRONT_LENGTH : 0;
                var end = firstIndex + SHOW_WORD_END_LENGTH;
                postContent = highlightKeyword(content, contentHitSlice, start, end);
              } else { // 未匹配到内容，直接截取前 200 个字符来显示
                postContent = content.slice(0, SHOW_WORD_LENGTH);
              }
              postData.title = postTitle;
              postData.content = postContent;
              postData.url = postURL;
              postData.weight = postWeight;
              matchPosts.push(postData);
            }
          });
        }

        var resultInnerHtml = '';
        if (matchPosts.length) {
          // 按权重递增的顺序排序，使权重大的优先显示
          matchPosts.sort(function (left, right) {
            return right.weight - left.weight;
          });
          resultInnerHtml += '<ul>';
          matchPosts.forEach(function (post) {
            resultInnerHtml += '<li><a class="search-results-title" href="' + post.url + '">';
            resultInnerHtml += post.title;
            resultInnerHtml += '</a><div class="search-results-content">';
            resultInnerHtml += post.content;
            resultInnerHtml += '</div></li>';
          });
          resultInnerHtml += '</ul>';
        } else {
          resultInnerHtml += '<div class="search-results-none"><i class="far fa-meh"></i></div>';
        }
        $result.html(resultInnerHtml);
      };
      $input.on('input', searchPost);
      $input.on('keyup', function (e) {
        if (e.keyCode === Stun.utils.codeToKeyCode('Enter')) {
          searchPost();
        }
      });
    }
  });
}

function closeSearch () {
  $('body').css({ overflow: 'auto' });
  $('.search-popup').css({ display: 'none' });
  $('.search-mask').css({ display: 'none' });
}

window.addEventListener('DOMContentLoaded', function () {
  Stun.utils.pjaxReloadLocalSearch = function () {
    $('.header-nav-search').on('click', function (e) {
      e.stopPropagation();
      $('body').css('overflow', 'hidden');
      $('.search-popup')
        .velocity('stop')
        .velocity('transition.expandIn', {
          duration: 300,
          complete: function () {
            $('.search-popup input').focus();
          }
        });
      $('.search-mask')
        .velocity('stop')
        .velocity('transition.fadeIn', {
          duration: 300
        });

      initSearch();
    });
    $('.search-mask, .search-close').on('click', function () {
      closeSearch();
    });
    $(document).on('keydown', function (e) {
      // Escape <=> 27
      if (e.keyCode === Stun.utils.codeToKeyCode('Escape')) {
        closeSearch();
      }
    });
  };

  Stun.utils.pjaxReloadLocalSearch();
}, false);

function safeOpenUrl(url) {
  var newTab = window.open();
  newTab.opener = null;
  newTab.location = url;
}

function extSearch(engine) {
  var engines = {
    google: 'https://www.google.com/search?q=',
    bing: 'https://cn.bing.com/search?q=',
    baidu: 'https://www.baidu.com/s?ie=UTF-8&wd=',
  };
  var host = window.location.host;
  var query = $('.search-input input').val().toLowerCase().trim();
  var uri = engines[engine] + query + ' site:' + host;

  if (query) {
    safeOpenUrl(uri);
  } else {
    Stun.utils.popAlert('warning', '请输入字符');
  }
}

var assistSearchList = window.CONFIG.assistSearch;

if (Array.isArray(assistSearchList)) {
  assistSearchList.forEach(function (name) {
    document.querySelector('.search-btns-item--' + name).addEventListener('click', function () {
      extSearch(name);
    }, false);
  });
}</script><script src="https://cdn.jsdelivr.net/npm/leancloud-storage@latest/dist/av-min.js"></script><script src="https://cdn.jsdelivr.net/npm/valine@latest/dist/Valine.min.js"></script><script>function loadValine () {
  var GUEST_INFO = ['nick', 'mail', 'link'];
  var guest_info = 'nick,mail,link';

  guest_info = guest_info.split(',').filter(function(item) {
    return GUEST_INFO.indexOf(item) > -1;
  });
  new Valine({
    el: '#valine-container',
    appId: 'lxsmJYFBR3TcsTpKPFWSN0HX-gzGzoHsz',
    appKey: 'lW6taHRzBHFtJeWSSzXXMAxH',
    notify: true,
    verify: true,
    placeholder: 'Just go go',
    avatar: 'mp',
    meta: guest_info,
    pageSize: '10' || 10,
    visitor: false,
    recordIP: false,
    lang: '' || 'zh-cn',
    path: window.location.pathname
  });
}

if (false) {
  loadValine();
} else {
  window.addEventListener('DOMContentLoaded', loadValine, false);
}</script><script src="/js/utils.js?v=2.6.2"></script><script src="/js/stun-boot.js?v=2.6.2"></script><script src="/js/scroll.js?v=2.6.2"></script><script src="/js/header.js?v=2.6.2"></script><script src="/js/sidebar.js?v=2.6.2"></script><script type="application/json" src="/search.xml"></script></body></html>